Initial commit

commands/audit-compliance.md

@@ -0,0 +1,44 @@
+# Audit Compliance Command
+
+You are performing a regulatory compliance audit of the codebase. Follow these steps:
+
+## Audit Scope
+
+1. **Security & Privacy**
+   - Check for PII handling and anonymization
+   - Verify encryption is used for sensitive data (AES-256 or better)
+   - Ensure audit logging is in place for all data access
+   - Review authentication and authorization mechanisms
+
+2. **Data Handling**
+   - Identify all locations where sensitive data is processed
+   - Verify data retention policies are implemented
+   - Check for proper input validation and sanitization
+   - Review database query security (SQL injection prevention)
+
+3. **Compliance Standards**
+   - FISMA compliance requirements
+   - FedRAMP compliance requirements
+   - Industry-specific regulations (e.g., mortgage servicing regulations)
+   - Review code comments for compliance annotations
+
+4. **Documentation**
+   - Verify all compliance-critical functions are documented
+   - Check for security assumptions documented in code
+   - Review API documentation for security warnings
+
+## Output Format
+
+Generate a structured audit report with:
+- **Critical Issues**: Security vulnerabilities or compliance violations
+- **Warnings**: Potential compliance concerns requiring review
+- **Recommendations**: Best practices to improve compliance posture
+- **Compliant Sections**: Areas that meet compliance requirements
+
+## Deliverable
+
+Present findings in a clear, actionable format with:
+- File paths and line numbers for each issue
+- Specific remediation steps
+- Priority levels (Critical, High, Medium, Low)
+- References to relevant compliance standards

commands/generate-audit-report.md

@@ -0,0 +1,63 @@
+# Generate Audit Report Command
+
+Create a comprehensive compliance audit report for the current project.
+
+## Report Structure
+
+### 1. Executive Summary
+- Overall compliance status
+- Critical findings count
+- High-priority recommendations
+- Compliance score (if applicable)
+
+### 2. Scope & Methodology
+- Files and directories audited
+- Compliance frameworks evaluated against
+- Audit timestamp and version
+
+### 3. Detailed Findings
+
+For each finding, include:
+- **Finding ID**: Unique identifier (e.g., COMP-001)
+- **Severity**: Critical / High / Medium / Low
+- **Category**: Security, Privacy, Data Handling, Documentation
+- **Location**: File path and line numbers
+- **Description**: What the issue is
+- **Impact**: Potential compliance or security impact
+- **Recommendation**: Specific steps to remediate
+- **Standard Reference**: Which compliance standard this relates to
+
+### 4. Compliance Matrix
+
+Create a table showing:
+- Requirement area
+- Current status (Compliant / Partial / Non-Compliant)
+- Evidence or gaps
+- Action items
+
+### 5. Recommendations
+
+Prioritized list of remediation actions:
+1. Immediate actions (critical issues)
+2. Short-term improvements (high priority)
+3. Long-term enhancements (medium priority)
+
+### 6. Appendix
+- Glossary of compliance terms
+- References to standards and regulations
+- Audit methodology details
+
+## Output Format
+
+Generate the report as a Markdown document that can be:
+- Saved to `compliance-audit-report.md`
+- Converted to PDF for stakeholder review
+- Tracked in version control for compliance history
+
+## Best Practices
+
+- Use clear, non-technical language for executive summary
+- Provide specific, actionable recommendations
+- Include code snippets showing both the issue and the fix
+- Reference specific compliance standard sections
+- Include a risk assessment for each finding